Unrated severityNVD Advisory· Published Mar 1, 2018· Updated Sep 16, 2024
proxy credentials written to log files by zypper
CVE-2017-9271
Description
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
123- osv-coords121 versionspkg:rpm/opensuse/libzypp&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/libzypp&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/yast2-installation&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/zypper&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/libsigc++2&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/libsigc++2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/libsigc++2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/libsigc++2&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP1pkg:rpm/suse/libsigc++2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/libsigc++2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/libsigc++2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/libsigc++2&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/libsigc++2&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/libsigc++2&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/libsolv&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP1pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/libsolv&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/libsolv&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/libsolv&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP1pkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/libyui-ncurses-pkg&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/libyui-ncurses-pkg-doc&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP1pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/libyui-qt-pkg&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/libyui-qt-pkg-doc&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/libzypp&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP1pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP2pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libzypp&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/libzypp&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/libzypp&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/yast2-installation&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/yast2-installation&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/yast2-installation&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015pkg:rpm/suse/yast2-installation&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP2pkg:rpm/suse/yast2-installation&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/yast2-installation&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/yast2-installation&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP1pkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/yast2-pkg-bindings&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/zypper&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/zypper&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/zypper&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/zypper&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/zypper&distro=SUSE%20Manager%20Server%204.0
< 17.25.5-lp152.2.16.1+ 120 more
- (no CPE)range: < 17.25.5-lp152.2.16.1
- (no CPE)range: < 17.28.4-1.2
- (no CPE)range: < 4.2.48-lp152.2.12.1
- (no CPE)range: < 1.14.41-lp152.2.12.1
- (no CPE)range: < 2.10.0-3.7.1
- (no CPE)range: < 2.10.0-3.7.1
- (no CPE)range: < 2.10.0-3.7.1
- (no CPE)range: < 2.10.0-3.7.1
- (no CPE)range: < 2.10.0-3.7.1
- (no CPE)range: < 2.10.0-3.7.1
- (no CPE)range: < 2.10.0-3.7.1
- (no CPE)range: < 2.10.0-3.7.1
- (no CPE)range: < 2.10.0-3.7.1
- (no CPE)range: < 2.10.0-3.7.1
- (no CPE)range: < 0.7.17-3.32.1
- (no CPE)range: < 0.7.17-3.32.1
- (no CPE)range: < 0.7.17-3.32.1
- (no CPE)range: < 0.7.17-3.40.1
- (no CPE)range: < 0.7.17-3.40.1
- (no CPE)range: < 0.7.17-3.40.1
- (no CPE)range: < 0.7.17-3.32.1
- (no CPE)range: < 0.7.17-3.32.1
- (no CPE)range: < 0.7.17-3.32.1
- (no CPE)range: < 0.7.17-3.40.1
- (no CPE)range: < 0.7.17-3.40.1
- (no CPE)range: < 0.7.17-3.32.1
- (no CPE)range: < 0.7.17-3.32.1
- (no CPE)range: < 0.7.17-3.32.1
- (no CPE)range: < 0.7.17-3.32.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.48.9-7.7.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 2.45.28-3.10.1
- (no CPE)range: < 17.25.8-3.48.1
- (no CPE)range: < 17.25.8-3.48.1
- (no CPE)range: < 17.25.8-3.48.1
- (no CPE)range: < 17.25.8-3.66.1
- (no CPE)range: < 17.25.8-3.66.1
- (no CPE)range: < 17.25.8-3.66.1
- (no CPE)range: < 17.25.8-3.48.1
- (no CPE)range: < 17.25.5-3.25.6
- (no CPE)range: < 17.25.5-3.25.6
- (no CPE)range: < 16.22.13-65.3
- (no CPE)range: < 17.25.8-3.48.1
- (no CPE)range: < 17.25.8-3.48.1
- (no CPE)range: < 17.25.8-3.66.1
- (no CPE)range: < 16.22.13-65.3
- (no CPE)range: < 17.25.8-3.66.1
- (no CPE)range: < 17.25.8-3.48.1
- (no CPE)range: < 16.22.13-65.3
- (no CPE)range: < 17.25.8-3.48.1
- (no CPE)range: < 17.25.8-3.48.1
- (no CPE)range: < 17.25.8-3.48.1
- (no CPE)range: < 4.0.77-3.22.5
- (no CPE)range: < 4.0.77-3.22.5
- (no CPE)range: < 4.0.77-3.22.5
- (no CPE)range: < 4.2.48-3.16.1
- (no CPE)range: < 4.2.48-3.16.1
- (no CPE)range: < 4.0.77-3.22.5
- (no CPE)range: < 4.0.77-3.22.5
- (no CPE)range: < 4.1.3-3.10.3
- (no CPE)range: < 4.1.3-3.10.3
- (no CPE)range: < 4.1.3-3.10.3
- (no CPE)range: < 4.1.3-3.10.3
- (no CPE)range: < 4.1.3-3.10.3
- (no CPE)range: < 4.1.3-3.10.3
- (no CPE)range: < 4.1.3-3.10.3
- (no CPE)range: < 4.1.3-3.10.3
- (no CPE)range: < 4.1.3-3.10.3
- (no CPE)range: < 4.1.3-3.10.3
- (no CPE)range: < 1.14.43-3.34.1
- (no CPE)range: < 1.14.43-3.34.1
- (no CPE)range: < 1.14.43-3.34.1
- (no CPE)range: < 1.14.43-3.49.1
- (no CPE)range: < 1.14.43-3.49.1
- (no CPE)range: < 1.14.43-3.49.1
- (no CPE)range: < 1.14.41-3.14.10
- (no CPE)range: < 1.13.66-21.61.3
- (no CPE)range: < 1.14.43-3.34.1
- (no CPE)range: < 1.14.43-3.34.1
- (no CPE)range: < 1.14.43-3.49.1
- (no CPE)range: < 1.13.66-21.61.3
- (no CPE)range: < 1.14.43-3.49.1
- (no CPE)range: < 1.14.43-3.34.1
- (no CPE)range: < 1.14.43-3.34.1
- (no CPE)range: < 1.14.43-3.34.1
- (no CPE)range: < 1.14.43-3.34.1
- SUSE/zypperv5Range: n/a
Patches
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
3- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/mitrevendor-advisoryx_refsource_FEDORA
- bugzilla.suse.com/show_bug.cgimitrex_refsource_CONFIRM
- www.suse.com/de-de/security/cve/CVE-2017-9271/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.